Sat, 29 Sep 2007

Something we preach very strongly in our training is the importance of
an understanding of the underlying technology / application / issues,
and being able to dig into the core of an issue, not just try a trick or
two and move on. Sadly, most people don't see it this way.

It's also somewhere between sad and frustrating for me that there seems
to be an over-abundance of so-called "experts" in our field. While this
isn't an issue for those who have a deep understanding, the fact of the
matter is that for many of our customers, their key competence is their
respective industry, and not information security.

Of course, this leads to much snake-oil and other uglyness...and to
increased frustration for those of us who actually *are* trying to help
our customers and add value. Let it be said right now that I don't by
any measure regard myself as an expert on all things information
security, but I'm more than happy to tell people when something is
outside of my field of expertise.

I found an interesting piece in a book I'm currently reading called "Way
of the Turtle" by Curtis M Faith - this is in the context of traders and
the markets, but is more than applicable to our industry, practically
verbatim. The snippet, from a sidebar in the book titles "The Myth of
the Expert" follows.

-snip-

The "don't optimize" counsel is an effect of what my friends and I like
to call the myth of the expert. Unfortunately, in most fields the number
of people who really understand what's going on is very limited. For
every true expert, there are scores of *pseudo-experts* who are able to
perform in the field, have assembled loads of loads of knowledge, and in
the eyes of those who are not experts are indistinguishable from the
true experts. These pseudo-experts can function but do not really
*understand* the area in which they claim expertise.

True experts do not have rigid rules; they *understand* what's going on,
and so they do not need rigid rules.

Pseudo-experts, however, *don't understand*, and so they tend to look at
what the experts are doing and copy it. They know *what to do* but not
*why it should be done*. Therefore, they listen to the true experts and
create rigid rules where none were intended.

One sure sign of a pseudo-expert is writing that is unclear and
difficult to follow. Unclear writing comes from unclear thinking. A true
expert will be able to explain complicated ideas in ways that are clear
and easy to understand.

Another common characteristic of pseudo-experts is that they know how to
apply complex processes and techniques and have been well trained but do
not understand the limits of those techniques.

In trading, a good example would be someone who can perform complex
statistical analyses of trades, runs a simulation that generates 1 000
trades, and then assumes that she can draw conclusions from those trades
without regard for the fact that they might have been drawn from only
two weeks of short-term data. These people can do the math but do not
understand that the math does not matter if next week is radically
different from the last two weeks.

Thu, 27 Sep 2007

We just finished presenting an HBN Bootcamp and an HBN Combat Edition in Lausanne, Switzerland. A lot of people don't know that we do this format - small courses on location worldwide. Its a different vibe to the big courses we do at Black Hat and the like, but it has some real advantages. Here's the feedback we received - I especially like the nice things they say about me...

On the Bootcamp Edition:

"Amazing and excellent!! Great teaching."

"Excellent and very very interesting."

"Very interesting ! Makes me want to know more."

"Cool, crazy, sexy and very rich !!"

"It was my first time in a training where the goal is to succeed without following the book!! And it's fun."

"Impressionnant!"

"This is seriously the most interesting course I have been to for a long time."

"A complete overview of the basis of hacking and security. I liked most the experience of the teacher and his knowledge. "

"The instructor is Very very good. Competent, knows what he is talking about and can share his knowledge."

"I liked most the demonstrations of what hackers do. Learned how to use applications like wikto, burn, etc."

"I liked most all exercises and the mix between theory and practise. "

"Yes. I liked most the labs, because it's a very good way to learn and to detect if the understanding is correct. "

"What I liked most: everything. The time imparted was a little short."

"Good match with Bootcamp. Interesting approach, but still fun and of very good quality. What I liked most: The begninning, the middle and the end ;-)The course could be longer, like 3 days or even more."

"I liked the way the course is delivered, in an interactive and challenging way"

"The way Charl explains the concepts, he makes it really easy to catch the "essence" of the things. Great labs and demos too."